Performance Evaluation of Snort and Suricata Intrusion Detection Systems on Ubuntu Server

  • Alka GuptaEmail author
  • Lalit Sen Sharma
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 597)


Network intrusion detection systems (NIDS) are emerging as a reliable solution in providing protection against threats to integrity and confidentiality of the information on the Internet. Two widely used open-source intrusion detection systems are Snort and Suricata. In this paper, Snort and Suricata are compared experimentally through a series of tests to identify more scalable and reliable IDS by putting the systems under high traffic. Results indicated that Snort had a lower system overhead than Suricata and utilized only one processor on a multi-core environment. However, Suricata evenly utilized all the processing elements of the multi-core environment and provided higher packet analysis rate. For malicious traffic, both Snort and Suricata dropped packets with Snort on the higher side for low traffic rate and size. But with large packet size and high rate of malicious input traffic, Suricata dropped more packets as compared to Snort. It was also observed that the memory utilization of Suricata depended on both the size of traffic and the amount of malicious traffic; whereas, memory utilization of Snort was independent of the input traffic.


Snort Suricata Performance NIDS Multi-threaded Multi-core Experiment 


  1. 1.
    Agbogun, J.B., Ejiga, F.A.: Network security management: solutions to network intrusion related problems. Int. J. Comput. Inf. Technol. 02(04), 617–625 (2013)Google Scholar
  2. 2.
    Roesch, M.: Snort-lightweight intrusion detection for networks. In: 13th Systems Administration Conference (LISA), Seattle, Washington, USA (1999)Google Scholar
  3. 3.
    Snort,” Sourcefire, [Online]. Available
  4. 4.
    Whitea, J.S., Fitzsimmonsb, T.T., Matthews, J.N.: Quantitative analysis of intrusion detection systems: Snort and Suricata. Int. Soc. Optics Photonics (2013)Google Scholar
  5. 5.
    Thongkanchorn, K., Ngamsuriyaroj, S., Visoottiviseth, V.: Evaluation studies of three intrusion detection systems under various attacks and rule sets. IEEE (2013)Google Scholar
  6. 6.
    Ridho, M.F., Yasin, F., Sulistyo, Y.: Analysis and evaluation Snort, bro, and Suricata as intrusion detection system based on Linux server. Naskah_Publikasi (2014)Google Scholar
  7. 7.
    Naidu, R.A., Avadhani, P.S.: A comparison of two intrusion detection systems. Int. J. Comput. Sci. Technol. 4(1), 316–319 (2013)Google Scholar
  8. 8.
    Albin, E., Rowe, N.C.: A realistic experimental comparison of the Suricata and Snort intrusion-detection systems. In: 26th International Conference on Advanced Information Networking and Applications Workshops (2012) Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computer Science and ITUniversity of JammuJammuIndia

Personalised recommendations